Extensive application of __owur to CT functions that return a boolean

Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

2 files changed, 36 insertions, 16 deletions

diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index b82fabc4f0..eb1d377b4a 100644
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -167,20 +167,41 @@ SCT_CTX *SCT_CTX_new(void);
  */
 void SCT_CTX_free(SCT_CTX *sctx);
 
-/* Sets the certificate that the SCT is related to */
-int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
-/* Sets the issuer of the certificate that the SCT is related to */
-int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
-/* Sets the public key of the issuer of the certificate that the SCT relates to */
-int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
-/* Sets the public key of the CT log that the SCT is from */
-int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+/*
+ * Sets the certificate that the SCT is being verified against.
+ * This will fail if the certificate is invalid.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT is being verified against.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT is being
+ * verified against.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 
 /*
  * Does this SCT have the minimum fields populated to be usuable?
  * Returns 1 if so, 0 otherwise.
  */
-int SCT_is_complete(const SCT *sct);
+__owur int SCT_is_complete(const SCT *sct);
 
 /*
  * Does this SCT have the signature-related fields populated?
@@ -188,6 +209,6 @@ int SCT_is_complete(const SCT *sct);
  * This checks that the signature and hash algorithms are set to supported
  * values and that the signature field is set.
  */
-int SCT_signature_is_complete(const SCT *sct);
+__owur int SCT_signature_is_complete(const SCT *sct);
 
 
diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c
index 7c50c91d69..89051d2f7c 100644
--- a/crypto/ct/ct_sct_ctx.c
+++ b/crypto/ct/ct_sct_ctx.c
@@ -111,7 +111,7 @@ static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
  * AKID from the presigner certificate, if necessary.
  * Returns 1 on success, 0 otherwise.
  */
-static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
 {
     int preidx, certidx;
     int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
@@ -230,10 +230,10 @@ err:
     return 0;
 }
 
-static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
-                              size_t *hash_len)
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+                                     size_t *hash_len)
 {
-    int ret = -1;
+    int ret = 0;
     unsigned char *md = NULL, *der = NULL;
     int der_len;
     unsigned int md_len;
@@ -271,8 +271,7 @@ static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
 
 int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
 {
-    return ct_public_key_hash(X509_get_X509_PUBKEY(issuer), &sctx->ihash,
-                              &sctx->ihashlen);
+    return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
 }
 
 int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)